跳至正文

Install Gitlab Docker & Server Data Transfer

Install

create folder /app/gitlab/config, /app/gitlab/logs, /app/gitlab/data, for data storage.

sudo docker run --detach \
  --hostname gitlab.beekc.top \
  --publish 8300:80 --publish 8301:22 \
  --name gitlab \
  --restart always \
  --volume /app/gitlab/config:/etc/gitlab \
  --volume /app/gitlab/logs:/var/log/gitlab \
  --volume /app/gitlab/data:/var/opt/gitlab \
  --shm-size 256m \
  gitlab/gitlab-ce:latest

In this example, use port 8300 for http, port 8301 for ssh.

Server data transfer

Backup

execute gitlab-rake gitlab:backup:create in previous server. This command will backup server data. Backup file is generated in /var/opt/gitlab/backups/. use scp copy backup file to the new server under /app/gitlab/data/backups/.

gitlab.rb and gitlab-secrets.json are not included in the backup. gitlab.rb contain configurations and gitlab-secrets.json saving user secrets. You may send to new server too.

Configure PostgreSQL

PostgreSQL need be configure according to Gitlab 数据备份和还原, or will get error message

Restoring PostgreSQL database gitlabhq_production … ERROR: must be owner of extension pg_trgm
ERROR: must be owner of extension btree_gist
ERROR: must be owner of extension btree_gist
ERROR: must be owner of extension pg_trgm

But i ignore those message gitlab still work fine.

Restore

use sudo chmode 777 change backup file mode.

close some gitlab server

sudo gitlab-ctl stop unicorn
sudo gitlab-ctl stop sidekiq

Restore data

gitlab-rake gitlab:backup:restore BACKUP=1688374217_2023_07_03_12.9.2

SSH

add gitlab_rails['gitlab_shell_ssh_port'] = 8301 to /app/gitlab/config/gitlab.rb.

Nginx Reverse Proxy

## Redirects all HTTP traffic to the HTTPS host
server {
  listen 80;
  server_name gitlab.beekc.top; ## Replace this with something like gitlab.example.com
  server_tokens off; ## Don't show the nginx version number, a security best practice
  return 301 https://$http_host$request_uri;
  access_log  /var/log/nginx/gitlab_access.log;
  error_log   /var/log/nginx/gitlab_error.log;
}

## HTTPS host
server {
  listen 443;
  server_name gitlab.beekc.top; ## Replace this with something like gitlab.example.com
  server_tokens off; ## Don't show the nginx version number, a security best practice

  ## Strong SSL Security
  ssl on;
  ssl_certificate /etc/letsencrypt/live/beekc.top/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/beekc.top/privkey.pem;

  # GitLab needs backwards compatible ciphers to retain compatibility with Java IDEs
  ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_prefer_server_ciphers on;
  ssl_session_cache shared:SSL:10m;
  ssl_session_timeout 5m;

  ## Individual nginx logs for this GitLab vhost
  access_log  /var/log/nginx/gitlab_access.log;
  error_log   /var/log/nginx/gitlab_error.log;

  location / {
    proxy_pass http://localhost:8300;
    client_max_body_size 0;
    gzip off;

    ## https://github.com/gitlabhq/gitlabhq/issues/694
    ## Some requests take more than 30 seconds.
    proxy_read_timeout      300;
    proxy_connect_timeout   300;
    proxy_redirect          off;

    proxy_http_version 1.1;

    proxy_set_header    Host                $http_host;
    proxy_set_header    X-Real-IP           $remote_addr;
    proxy_set_header    X-Forwarded-Ssl     on;
    proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
    proxy_set_header    X-Forwarded-Proto   $scheme;
#    proxy_pass http://gitlab-workhorse;
  }
}

Reduce Memory Use

In /etc/gitlab/gitlab.rb:

# Optimize Sidekiq
sidekiq['max_concurrency'] = 10

# Optimize Gitaly
gitaly['configuration'] = {
    concurrency: [
      {
        'rpc' => "/gitaly.SmartHTTPService/PostReceivePack",
        'max_per_repo' => 3,
      }, {
        'rpc' => "/gitaly.SSHService/SSHUploadPack",
        'max_per_repo' => 3,
      },
    ],
    cgroups: {
        repositories: {
            count: 2,
        },
        mountpoint: '/sys/fs/cgroup',
        hierarchy_root: 'gitaly',
        memory_bytes: 500000,
        cpu_shares: 512,
    },
}

gitaly['env'] = {
  'GITALY_COMMAND_SPAWN_MAX_PARALLEL' => '2'
}

# Configure how GitLab handles memory
gitlab_rails['env'] = {
  'MALLOC_CONF' => 'dirty_decay_ms:1000,muzzy_decay_ms:1000'
}

gitaly['env'] = {
  'MALLOC_CONF' => 'dirty_decay_ms:1000,muzzy_decay_ms:1000'
}

Reconfigure gitlab to use the new setting:

sudo gitlab-ctl reconfigure

Reference

发表回复

您的电子邮箱地址不会被公开。 必填项已用*标注